On Fri, Nov 08, 2002 at 11:17:39AM +0800, kai ouyang wrote:
> Hi,
> I am trying to understand the ACL implementation in FreeBSD-Current. I
> have a question about ACL.
> in "acl.h", there are some acl_type_t value macro:
> /*
>  * Possible valid values for acl_type_t arguments.
>  */
> #define ACL_TYPE_ACCESS 0x00000000
> #define ACL_TYPE_DEFAULT 0x00000001
> #define ACL_TYPE_AFS 0x00000002
> #define ACL_TYPE_CODA 0x00000003
> #define ACL_TYPE_NTFS 0x00000004
> #define ACL_TYPE_NWFS 0x00000005
>
> But I am not sure what's means.

See the POSIX.1e draft[1] for detailed explanations. Basically we
support access ACL's on files and directories allowing discretionary
access control and default ACL's on directories which determine the
default access ACL's on any files and directories created below it.

> in the 'setfacl' source, I found the usage:
> If we want to control a directory,
> acl[ACL_TYPE_DEFAULT] = acl_get_file(filename, ACL_TYPE_DEFAULT);
> if we want to control a file,
> acl[DEFAULT_ACL] = NULL;
> Why?
> What's the difference among those macros?
> Why must a directory object reserve two acl_t_structs, and a file only need
> one?
>

Because directories may have both default and access ACL's whereas
files may only have access ACL's.

[1] http://wt.xpilot.org/publications/posix.1e/

--
Chris D. Faulhaber - [EMAIL PROTECTED] - [EMAIL PROTECTED]
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org
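The two-slot rule described in the reply, as an added example that is not part of the original message and not FreeBSD code: a simplified model in which a directory carries an access and a default ACL, a file carries only an access ACL, and a new object takes its parent's default ACL as its access ACL. The `model_*` names and the sample directory are hypothetical; the step that limits inherited permissions by the creation mode follows the POSIX.1e draft's creation rule and goes beyond what the message itself states.

```c
/* Added example: a simplified model of POSIX.1e ACL slots, not the sys/acl.h API. */
#include <stdbool.h>

enum { SLOT_ACCESS = 0, SLOT_DEFAULT = 1 };  /* same values as ACL_TYPE_ACCESS / ACL_TYPE_DEFAULT */
struct model_acl {                /* hypothetical stand-in for acl_t */
    bool present, has_mask;
    unsigned user_obj, group_obj, mask, other;   /* rwx bits, 0..7 */
};
struct model_node {
    bool is_dir;
    struct model_acl acl[2];      /* a file only ever fills acl[SLOT_ACCESS] */
};

/* Parent has no default ACL: the new access ACL is just the mode bits. */
static struct model_acl acl_from_mode(unsigned mode) {
    struct model_acl a = { true, false, (mode >> 6) & 7, (mode >> 3) & 7, 0, mode & 7 };
    return a;
}

/* Create an object under `parent` with the requested creation `mode`. */
struct model_node model_create(const struct model_node *parent, bool is_dir, unsigned mode) {
    struct model_node n = { is_dir };
    const struct model_acl *def = &parent->acl[SLOT_DEFAULT];
    if (!parent->is_dir || !def->present) {
        n.acl[SLOT_ACCESS] = acl_from_mode(mode);
        return n;
    }
    /* The parent's default ACL becomes the child's access ACL, limited by mode. */
    n.acl[SLOT_ACCESS] = *def;
    n.acl[SLOT_ACCESS].user_obj &= (mode >> 6) & 7;
    if (def->has_mask)
        n.acl[SLOT_ACCESS].mask &= (mode >> 3) & 7;
    else
        n.acl[SLOT_ACCESS].group_obj &= (mode >> 3) & 7;
    n.acl[SLOT_ACCESS].other &= mode & 7;
    if (is_dir)                   /* only a new directory also gets a default ACL */
        n.acl[SLOT_DEFAULT] = *def;
    return n;
}

/* Constructed sample: default ACL u=rwx, g=rwx, mask=r-x, o=--- on a 0755 directory. */
struct model_node model_sample_dir(void) {
    struct model_node d = { true, { acl_from_mode(0755), { true, true, 7, 7, 5, 0 } } };
    return d;
}

int main(void) {
    struct model_node d = model_sample_dir(), f = model_create(&d, false, 0666);
    return f.acl[SLOT_DEFAULT].present;  /* 0: a file never carries a default ACL */
}
```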